Vulnerability:
Previous versions of the software allowed users to bypass the "mandatory"
installation of the Clean Access Agent by changing the browser user-agent
string. With version 3.6.0, Cisco added additional detection mechanisms
such as TCP fingerprinting and JavaScript OS detection. By changing the
default parameters of the Windows TCP/IP stack and using a custom HTTPS
client (instead of a browser) the user can still connect to the network
without running any host-based checks. Authentication and remote checks
are not affected.